1. Field of the Invention
The present invention generally relates to credit and identity verification systems. More particularly, the present invention relates to credit approval and fraud protection at the point-of-sale for a transaction wherein biometric information is used to verify the identity of a person presenting a token for payment as an authorized user for the associated account and that the account is in order for the transaction. Transaction tokens can include a negotiable instrument, a credit card, a smart card, a loyalty card and a debit card. Information on the authorized accounts can be stored in either a token-based or tokenless electronic transaction system.
2. Description of the Related Art
There are devices known in the art that gather biometric data from persons for storage or for comparison with stored biometric data for purposes of identity verification. An example of storing biometric data for identity verification is U.S. Pat. No. 4,213,038 to Silverman, et al., for an access security system. Silverman, et al., discloses storing a fingerprint on a card, in either an actual print or “micropattern,” and the card is read by a control means. The fingerprint recordation is ancillary to the preferred function of the card which is identification based upon solely the microperforation of the card, which is not directly related to the fingerprint.
Check funds verification systems are also known in the art that allow merchants and others to verify that customers have funds available in a specific checking account. U.S. Pat. No. 5,484,988 to Hills, et al., discloses a check-writing point-of-sale system that provides for remote verification of funds availability. Hills, et al., is particularly directed to the purchase of goods through an electronic funds transfer.
U.S. Pat. No. 4,253,086 to Szwarcbier discloses a process and apparatus for positive identification of customers that is particularly disclosed as using a fingerprint on a credit card and comparing the fingerprint of the customer to that on the card, and selectively, with a master print on file. Szwarcbier also discloses a printed fingerprint card.
There are “smart cards” known in the art which include fingerprint identification means, such as U.S. Pat. No. 4,995,086 to Lilley, et al., U.S. Pat. No. 4,582,985 to Lofberg, U.S. Pat. No. 4,993,068 to Piosenka, et al., and U.S. Pat. No. 5,180,901 to Hiramatsu. All of these references disclose smart cards that have, at least, a stored fingerprint in a local memory (such as magnetic tape or integrated circuit) that interacts with a reading means at the point-of-sale to assist in customer identification.
An example of an actual fingerprint sensor is U.S. Pat. No. 5,745,096 to Hsumi, et al., which is for a surface-shaped sensor identification device. The Hsumi, et al. device is focused on the specific element of sensing and recording the fingerprint, as opposed to a complete identity verification system.
There are various types of biometric measurements in common use today. The types of biometric measurements include fingerprint verification, hand geometry, voice recognition, retinal scanning, iris scanning, signature verification, and facial recognition. Each biometric device and system has its own operating methodology. The process for any given individual usually begins with an enrollment process. The system captures one or more samples of the biometric. The samples are stored in a “biometric template” (also referred to herein as a biometric database), and are used for future comparison during authentication. Once enrollment and storage are complete, users authenticate themselves by matching the template against current input (“live data”). Comparison of the live data and the template results in a simple binary yes/no match.
Fingerprint verification is a well-known type of biometric measurement. If properly implemented, fingerprints provide high accuracy and at relatively low cost. Hand geometry measures physical characteristics of the individual's hand and fingers and is widely used in physical access control systems. Voice recognition remains difficult to implement. Despite recent advances in voice recognition technology, background noise, microphone quality, the common cold, and anxiety can alter the human voice enough to make voice recognition difficult, if not impossible. Voice recognition technologies include telephone authentication. Extraction and pattern matching algorithms embedded on computer chips are used to analyze voices. Retinal scanning is well established and highly accurate, however, it requires that the individual look directly into the retinal reader. Retinal scans shoot a low-intensity beam of light into the eye and record the pattern of veins in the eye. Iris scanning overcomes most of the problems of retinal scanners and does not require direct contact with the scanner, nor does it require the individual to remove eyeglasses. The technology works by scanning the unique random patterns of the iris. Unlike retinal vein patterns that can change over time, the iris is unique and does not change during a person's lifetime. Facial recognition systems measure characteristics such as the distance between facial features (e.g., pupil to pupil) or the dimensions of the features themselves (such as the width of the mouth). Neural network technology or statistical correlations of the facial geometric shapes are used with this kind of system. Signature verification is a relatively accurate system and is treated separately from the other forms of biometric systems described herein.
With fraudulent check losses alone reaching ten billion dollars annually, the banking industry is striving for ways to reduce these losses. Many proposals have been presented over the last five to ten years. One approach is placing the individual's fingerprint on a sticker and attaching the sticker to the check being presented. Among the more sophisticated approaches is the use of smart cards that have a chip containing biometric information of the account holder. The biometric information stored on the chip can be compared with the biometric information of the person presenting the smart card at the transaction location. However, these alternative methods of reducing fraudulent activity are not meeting the needs of industry. The use of fingerprint stickers are a deterrent for a less sophisticated forger, but the process of identifying the fingerprint on a sticker can take a long time in crime labs due to their backlog and their obvious priority of processing fingerprints obtained from crime scenes in which felonies involving violence occurred. Smart cards with embedded biometric chips are used with credit cards or debit cards, but still do not prevent the more sophisticated identity thief. The more sophisticated identity thief steals account information and then produces his own credit card containing his own biometric information embedded in the chip. When the identity thief presents his biometric information at the transaction location, the verification is being made against an already faulty biometric sample stored on the chip.
Tokenless point-of-sale payment processing systems have also been developed recently. One such system is described in U.S. Pat. No. 6,581,042 to Pare, et al. that uses biometrics obtained at the point-of-sale for verifying the identity of an individual as an authorized user of the tokenless payment system. Tokenless processing systems are intended to speed up the process of check-out at a transaction location by not requiring the person to present a physical token and by verifying the identity of the person presenting payment with the tokenless processing system. A drawback of current tokenless systems is that they only verify tokenless transactions. Tokenless systems do not verify the individual's identity or cross compare with a token-based transaction processing system when a transaction token is presented for payment at the point-of-sale. Therefore, unless the tokenless transaction system can be combined with verification of token transactions presented at the point-of-sale the tokenless transaction system does not prevent and is vulnerable to fraud. For example, a person registers with the tokenless processing system by providing account information and a biometric for identification during the processing of purchases at the point-of-sale by the tokenless processing system. The person registering with the tokenless system believes that all purchases will be authenticated by his biometric. However, this does not prevent a thief from either stealing or fabricating the registered person's physical token (e.g., check, credit card, etc.) and presenting it at a location that uses the tokenless processing system. Unless the physical token presented is checked against the tokenless processing payment system to determine if the account being accessed needs to be authenticated by a biometric, the physical token could be accepted without verifying the identity of the person presenting the token for payment.